Commit a92f2bfb authored by Adrien Di Mascio's avatar Adrien Di Mascio
Browse files

yet some more corner cases handled

- registration link can now be played twice even on an existing open session
- if autologin fails, this probably means that a user with same login already
  exists, so redirect the error page

--HG--
branch : stable
parent f8c30fe1c340
......@@ -4,7 +4,7 @@
modname = 'registration'
distname = 'cubicweb-registration'
numversion = (0, 3, 2)
numversion = (0, 3, 3)
version = '.'.join(str(num) for num in numversion)
license = 'LGPL'
......
cubicweb-registration (0.3.3-1) unstable; urgency=low
* new upstream release
-- Adrien Di Mascio <Adrien.DiMascio@logilab.fr> Thu, 06 May 2010 17:17:05 +0200
cubicweb-registration (0.3.2-1) unstable; urgency=low
* new upstream release
......
......@@ -103,10 +103,11 @@ class RegistrationTC(CubicWebTC):
expected_errors={param: msg})
self.assertEquals(req.get_session_data('captcha'), None)
def _confirm_req(self, key=None):
def _confirm_req(self, key=None, overriden={}):
self.login('anon')
req = self.request()
data = self._posted_form('upassword-subject-confirm')
data.update(overriden)
if key is None:
key = encrypt(data, self.config['registration-cypher-seed'])
req.form = {'key': key}
......@@ -126,14 +127,33 @@ class RegistrationTC(CubicWebTC):
for k, v in self.data.items()))
self.failUnless(rset.rowcount)
def _check_error(self, req, path,
expected_path='registration',
expected_errors=None,
expected_params=None,
expected_formvalues=None):
path, params = self.expect_redirect_publish(req, path)
self.assertEquals(path, expected_path)
self.assertEquals(params, expected_params or {})
forminfo = req.get_session_data('registration')
if forminfo is None:
self.failIf(expected_errors or expected_formvalues)
else:
self.assertEquals(forminfo['eidmap'], {})
self.assertEquals(forminfo['values'], expected_formvalues or {})
error = forminfo['error']
self.assertEquals(error.entity, None)
self.assertEquals(error.errors, expected_errors or {})
def test_confirm_failure_login_already_used(self):
self.create_user(self.data['login-subject'])
self.commit()
req = self._confirm_req()
# try to recreate a 'admin' user.
req = self._confirm_req(overriden={'login-subject': 'admin'})
formvalues = self._posted_form('upassword-subject',
'upassword-subject-confirm')
formvalues['login-subject'] = 'admin'
self._check_error(req, 'registration_confirm',
expected_formvalues=self._posted_form('upassword-subject',
'upassword-subject-confirm'),
expected_errors={'login-subject': 'the value "%(login-subject)s" is already used, use another one' % self.data})
expected_formvalues=formvalues,
expected_errors={'login-subject': 'the value "admin" is already used, use another one'})
def test_confirm_failure_invalid_data(self):
req = self._confirm_req('dummykey')
......
......@@ -132,13 +132,18 @@ class RegistrationConfirmController(controller.Controller):
except:
msg = req._(u'Invalid registration data. Please try registering again.')
raise Redirect(req.build_url(u'register', __message=msg))
if self._cw.user.login == login:
# already logged in (e.g. regstration link replayed twice in the browser)
raise Redirect(self.success_redirect_url())
req.form = data # hijack for proper validation error handling
err_raised = False
try:
self.appli.repo.register_user(login, password,
email=data.get(qname('address')),
firstname=data.get(qname('firstname')),
surname=data.get(qname('surname')))
except ValidationError, err:
err_raised = True
# XXX TEMPORARY HACK to allow registration links to work more than
# once. This is required because some email clients (e.g. kmail)
# start by downloading the url to find the mimetype of the resource
......@@ -157,6 +162,11 @@ class RegistrationConfirmController(controller.Controller):
self.appli.session_handler.set_session(req)
except Redirect:
pass
if req.user.login != 'login' and err_raised:
# if both authentication and register_user() failed, the problem
# is probably that we do have a true login conflict, just re-raise
# the original validation error
raise
assert req.user.login == login
raise Redirect(self.success_redirect_url())
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment